Using an antivirus today is essential depending on the device we use. For example, if we have a Windows computer, it is essential to use one, because hundreds or even thousands of new viruses are created every day. Windows Defender comes pre-installed and is only deactivated if we activate a third-party antivirus. However, are there viruses that can bypass antivirus?
Antivirus companies constantly monitor malware activity worldwide. The antivirus analyzes the files running on the computer and sends that data to the company, which keeps the database as current as possible. But how does the antivirus detect malicious content in the first place, if no antivirus has it in its database yet?
Malware uses similar mechanisms
The key lies in the mechanism used by the malware, which is usually the same as that of other previously known malware. For example, the code of a piece of malware can be analyzed to detect whether it has malicious intent. Even if it slips past that check, if a piece of malware tries to encrypt the whole computer at once, or tries to modify system files in an automated pattern, the antivirus can detect it and block it outright.
This type of detection mechanism can lead to false positives. This is the case, for example, with programs such as cracks, which behave in ways such as modifying the program's code or even the system to bypass its detection mechanisms. All of this is detected as malicious by the antivirus and blocked outright.
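As an added illustration of the behaviour-based detection described in the two paragraphs above (example code written for this article, not any vendor's engine), here is a minimal rule set run over a constructed file-activity log: one rule flags a process that writes many distinct files within a short window (the "encrypt everything at once" pattern), the other flags writes under system directories. Process names, paths and thresholds are invented; the setup.exe alert is the kind of legitimate-installer false positive the text mentions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Constructed sample events: (timestamp_seconds, process, operation, path).
# Invented for this example; not taken from any real scan or incident.
SAMPLE_EVENTS = (
    [(i * 0.1, "invoice.exe", "write", f"C:/Users/ana/Docs/file{i}.docx.locked")
     for i in range(40)]                                   # 40 files in 4 s
    + [(1.0, "winword.exe", "write", "C:/Users/ana/Docs/report.docx"),
       (30.0, "winword.exe", "write", "C:/Users/ana/Docs/report.docx"),
       (45.0, "setup.exe", "write", "C:/Windows/System32/drivers/custom.sys")]
)

# Hypothetical list of directories a normal user program should not touch.
SYSTEM_PREFIXES = ("C:/Windows/System32/", "C:/Windows/SysWOW64/")


@dataclass(frozen=True)
class Alert:
    process: str
    rule: str
    detail: str


def behavioural_alerts(events, window_s=5.0, burst_threshold=20):
    """Return alerts for (a) a process writing >= burst_threshold distinct
    files inside window_s seconds and (b) any write under a system directory."""
    alerts = []
    recent = defaultdict(deque)      # process -> (ts, path) pairs in window
    burst_flagged = set()            # report the burst rule once per process
    for ts, proc, op, path in sorted(events):
        if op != "write":
            continue
        if path.startswith(SYSTEM_PREFIXES):
            alerts.append(Alert(proc, "system_file_write", path))
        q = recent[proc]
        q.append((ts, path))
        while q and ts - q[0][0] > window_s:   # drop writes outside the window
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= burst_threshold and proc not in burst_flagged:
            burst_flagged.add(proc)
            alerts.append(Alert(proc, "mass_file_modification",
                                f"{len(distinct)} distinct files in {window_s}s"))
    return alerts


if __name__ == "__main__":
    for a in behavioural_alerts(SAMPLE_EVENTS):
        print(f"{a.process}: {a.rule} ({a.detail})")
```

Tuning the threshold and window is the whole trade-off: lower values catch slower encryptors but start flagging backup tools and compilers.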
But some zero-day vulnerabilities slip away
Unfortunately, none of this works every time, and antivirus programs may fail to detect so-called zero-day vulnerabilities. These are security flaws that have not yet been patched, at the software or even the hardware level. We saw an example with WannaCry, where computers without the patch installed were infected without the antivirus being able to detect it, since many computers had neither the operating system update that installed the patch nor an antivirus able to detect it.
At AV-TEST, the best antivirus security analysis website, they test millions of threats, both known and unknown. In fact, they maintain a zero-day vulnerability database that they use to check whether an antivirus is up to date in terms of protection.
In the latest test, the results of which they released this week, they checked protection against 303 zero-day vulnerabilities. Virtually all antivirus products passed with flying colors and protected against all of them, but one that normally protects against all failed: ESET. The antivirus missed four of the zero-day vulnerabilities.
Therefore, it is possible for malware to escape the antivirus, which is why we must always be careful about what we do on the computer and the content we visit or execute. It also shows that it is important to run a complete scan of the computer from time to time: months or years ago we may have downloaded and stored a file containing malware that the antivirus did not detect at the time. So if you have a folder of programs, some of which have not been run in years, and you run the antivirus over it, you will likely find that it detects a malicious file.